search

yonahd / kor

A Golang Tool to discover unused Kubernetes Resources
MIT License
1.03k stars 94 forks source link

Can't seem to exclude multiple labels #219

Closed niclan closed 7 months ago

niclan commented 8 months ago

Describe the bug Documentation states that this is the correct usage: --exclude-labels key1=value1,key2=value2.

I get this to work correctly with one but not two keys/value pairs.

To Reproduce

I built kor from :latest today.

(⎈|vg-k8s:ops-production)
✔ 14:10 ~/git/k8s-wash [main|✚ ] $ ./kor --include-namespaces ops-production secret
kor version: vdev

  _  _____  ____
 | |/ / _ \|  _ \
 | ' / | | | |_) |
 | . \ |_| |  _ <
 |_|\_\___/|_| \_\

Unused Secrets in Namespace: ops-production
+---+------------------------------+
| # |        RESOURCE NAME         |
+---+------------------------------+
| 1 | ceph-secret-kube             |
| 2 | cephfs-secret-kube           |
| 3 | dex-dex                      |
| 4 | fluentbit-retention-tokens   |
| 5 | test-secrets-prod-89dk7b7c98 |
+---+------------------------------+

The ceph and fluentbit secrets must not be deleted, they should be hanging around in all the namespaces in case they're needed.

$ kubectl get secret -o yaml ceph-secret-kube
apiVersion: v1
data:
...
  labels:
    kubed.appscode.com/origin.cluster: unicorn
    kubed.appscode.com/origin.name: ceph-secret-kube
    kubed.appscode.com/origin.namespace: kube-system
...

and

$ kubectl get secret -o yaml fluentbit-retention-tokens
apiVersion: v1
data:
...
  labels:
    kubed.appscode.com/origin.cluster: unicorn
    kubed.appscode.com/origin.name: fluentbit-retention-tokens
    kubed.appscode.com/origin.namespace: monitoring

So 

(⎈|vg-k8s:ops-production)
✔ 14:30 ~/git/k8s-wash [main|✚ ] $ ./kor --include-namespaces ops-production --exclude-labels kubed.appscode.com/origin.namespace=kube-system secret
kor version: vdev

  _  _____  ____
 | |/ / _ \|  _ \
 | ' / | | | |_) |
 | . \ |_| |  _ <
 |_|\_\___/|_| \_\

Unused Secrets in Namespace: ops-production
+---+------------------------------+
| # |        RESOURCE NAME         |
+---+------------------------------+
| 1 | dex-dex                      |
| 2 | fluentbit-retention-tokens   |
| 3 | test-secrets-prod-89dk7b7c98 |
+---+------------------------------+

Works for one label. But

(⎈|vg-k8s:ops-production)
✔ 14:31 ~/git/k8s-wash [main|✚ ] $ ./kor --include-namespaces ops-production --exclude-labels kubed.appscode.com/origin.namespace=kube-system,kubed.appscode.com/origin.namespace=monitoring secret
kor version: vdev

  _  _____  ____
 | |/ / _ \|  _ \
 | ' / | | | |_) |
 | . \ |_| |  _ <
 |_|\_\___/|_| \_\

Unused Secrets in Namespace: ops-production
+---+------------------------------+
| # |        RESOURCE NAME         |
+---+------------------------------+
| 1 | ceph-secret-kube             |
| 2 | cephfs-secret-kube           |
| 3 | dex-dex                      |
| 4 | fluentbit-retention-tokens   |
| 5 | test-secrets-prod-89dk7b7c98 |
+---+------------------------------+

Nothing is excluded when two labels are specified.

I had a go at the source code, but I don't know go and the API docs quickly got a bit byzantine for me.

Expected behavior

Exclude several labels as documented.

Screenshots

See log above

OS version, architecture and kor version

Additional context

Thanks

yonahd commented 8 months ago

Thanks for reporting the issue. Currently the include and exclude flags are taking the input as a string instead of a string slice.

We will address this issue in the next release hopefully.

As a temporary workaround you can use https://github.com/yonahd/kor?tab=readme-ov-file#ignore-resources

yonahd commented 7 months ago

Hi @niclan This should be solved in the newest release v0.3.7 Let me know if there are any further issues